22 matches found

Github Security Blog
added 2026/06/10 8:32 p.m. | 20 views

PDM: Project-Local State and Config Writes Follow Symlinks

Summary: PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...

AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/06/10 8:32 p.m. | 6 views

GHSA-GHQ2-5C67-FPRM PDM: Project-Local State and Config Writes Follow Symlinks

Summary: PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...

CVSS 6.8 | AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2009-4106

Malware in sbrugna...

CVSS 6.5 | AI score 8.7 | EPSS 0.03644
Exploits: 3 | References: 33
RedhatCVE
added 2025/02/05 12:51 a.m. | 17 views

CVE-2024-37153

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...

CVSS 7.5 | AI score 6.5 | EPSS 0.00618
Exploits: 1
OSV
added 2024/07/05 11:08 a.m. | 4 views

OESA-2024-1810 rubygem-actionpack security update

Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Und...

CVSS 7.4 | AI score 6.6 | EPSS 0.02207
Exploits: 0 | References: 2
CVE
added 2024/06/06 6:51 p.m. | 61 views

CVE-2024-37153

The CVE-2024-37153 issue affects Evmos (EVM hub on Cosmos). A vulnerability occurs when a local state change happens together with an ICS20 transfer within the same function, using the contract’s address as the sender in an ICS20 precompile transfer. This enables an effective “infinite money glit...

CVSS 7.5 | AI score 7.3 | EPSS 0.00618
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2024/06/06 6:51 p.m. | 22 views

CVE-2024-37153 Evmos's contract balance not updating correctly after interchain transaction

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...

CVSS 7.5 | AI score 6.5 | EPSS 0.00618
Exploits: 1 | References: 2
OSV
added 2024/06/06 6:51 p.m. | 31 views

CVE-2024-37153 Evmos's contract balance not updating correctly after interchain transaction

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...

CVSS 7.5 | AI score 7.1 | EPSS 0.00618
Exploits: 1 | References: 4
OSV
added 2023/10/11 7:10 a.m. | 8 views

OPENSUSE-SU-2023:0297-1 Security update for opera

This update for opera fixes the following issues: - Update to 103.0.4928.16 CHR-9416 Updating Chromium on desktop-stable- branches CHR-9433 Update Chromium on desktop-stable-117-4928 to 117.0.5938.89 CHR-9449 Update Chromium on desktop-stable-117-4928 to 117.0.5938.132 DNA-110337 Opera Intro...

CVSS 8.8 | AI score 9 | EPSS 0.49013
Exploits: 3 | References: 4
OSV
added 2022/02/11 9:15 p.m. | 4 views

DEBIAN-CVE-2022-23633

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...

CVSS 5.9 | AI score 5.8 | EPSS 0.02207
Exploits: 0 | References: 1
Cvelist
added 2022/02/11 12:00 a.m. | 45 views

CVE-2022-23633 Exposure of sensitive information in Action Pack

Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is not notified of a close, ActionDispatch::Executor will not know to reset thread local state for the next request. This can lead to dat...

CVSS 7.4 | AI score 7.6 | EPSS 0.02207
Exploits: 0 | References: 6
CNVD
added 2015/11/19 12:00 a.m. | 4 views

StrongSwan Security Mechanism Bypass Vulnerability

strongSwan is an open source IPsec-based VPN solution for Linux. The server implementation of the EAP-MSCHAPv2 protocol in strongSwan's eap-mschapv2 plugin fails to properly validate the local state, allowing a remote attacker to bypass authentication by sending an empty Success message in respon...

CVSS 5 | AI score 7.7 | EPSS 0.02582
Exploits: 0 | References: 1
RedHat Linux
added 2015/04/30 4:09 p.m. | 7 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

CVSS 4.3 | AI score 5.8 | EPSS 0.02051
Exploits: 0 | References: 4
RedHat Linux
added 2015/03/11 4:51 p.m. | 3 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

CVSS 4.3 | AI score 5.8 | EPSS 0.02051
Exploits: 0 | References: 4
RedHat Linux
added 2015/02/11 8:36 p.m. | 6 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

CVSS 4.3 | AI score 5.8 | EPSS 0.02051
Exploits: 0 | References: 4
RedHat Linux
added 2015/02/11 8:16 p.m. | 8 views

Weld: Limited information disclosure via stale thread state

It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous...

CVSS 4.3 | AI score 5.8 | EPSS 0.02051
Exploits: 0 | References: 4
RedHat Linux
added 2010/05/19 4:29 p.m. | 7 views

postgresql: SQL privilege escalation via modifications to session-local state

PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, which allows remote authenticated users to gain...

CVSS 6.5 | AI score 7.6 | EPSS 0.03644
Exploits: 3 | References: 4
OpenVAS
added 2010/01/15 12:00 a.m. | 28 views

Ubuntu Update for PostgreSQL vulnerabilities USN-876-1

Ubuntu Update for Linux kernel vulnerabilities USN-876-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8761.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for PostgreSQL vulnerabilities USN-876-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVSS 6.5 | AI score 0.2 | EPSS 0.03644
Exploits: 5 | References: 2
Ubuntu
added 2010/01/03 8:39 p.m. | 55 views

USN-876-1: PostgreSQL vulnerabilities

It was discovered that PostgreSQL did not properly handle certificates with NULL characters in the Common Name field of X.509 certificates. An attacker could exploit this to perform a machine-in-the-middle attack to view sensitive information or alter encrypted communications. CVE-2009-4034 It wa...

CVSS 6.5 | AI score 8.2 | EPSS 0.03644
Exploits: 5
OpenVAS
added 2009/12/30 12:00 a.m. | 38 views

FreeBSD Ports: postgresql-client, postgresql-server

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 6.5 | AI score 6.8 | EPSS 0.03644
Exploits: 5